Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
Podatności dla
'Textpattern'
2022-06-29
CVE-2021-40642
CWE-565
Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.
2022-06-14
CVE-2021-40658
CWE-74
Textpattern 4.8.7 is affected by a HTML injection vulnerability through �??Content>Write>Body�?�.
2022-03-29
CVE-2021-44082
CWE-79
textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request.
2021-08-19
CVE-2021-28001
CWE-79
A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting https://site.com/articles/welcome-to-your-site#comments-head.
CVE-2021-28002
CWE-79
A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page.
2021-07-26
CVE-2020-23239
CWE-79
Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature.
2021-04-15
CVE-2021-30209
CWE-434
Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions.
2021-01-26
CVE-2020-35854
CWE-79
Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter.
2020-12-02
CVE-2020-29458
CWE-352
Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.
2020-08-14
CVE-2015-8033
CWE-521
In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account.
Copyright
2024
, cxsecurity.com
Back to Top
Podatności dla 'Textpattern' 
Polish
English